Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sharepoint Services 3.0 - Cross Forest People Picker

Status
Not open for further replies.
JVKAdmin

JVKAdmin

IS-IT--Management
Dec 28, 2001
155
0
0
CA
Hi all,

I wonder if anyone has any information on how to get Sharepoint Services 3.0 working with cross-forest authentication, using only a one-way forest trust ?

I've read lots about how cross forest trusts in two way scenarios work wonderfully in the People Picker but I'm trying to configure a one-way forest trust between our internal AD domain and the Sharepoint server running in our DMZ (separate AD forest) and having no luck with the People Picker recognizing the user accounts from the internal Corporate domain. (I have verified all AD and DNS is working and can even set permissions for a user from the internal domain for a folder on the sharepoint server in the DMZ - this works).

I've read up on most STSADM commands I could find in order to make things work however things don't seem to be working properly. People Picker can't recognize the user sa

Any insight would be appreciated.

Thanks.
 
Sort by date Sort by votes
Anyone have any help here ?

I've looked over things and it looks to me like authentication is working on the windows end of things but not in the Sharepoint end of things...

The people picker still comes back with

"No Exact Match Could be Found" or something similar.

I've used the stsadm commands to enable a specific user to cross the forest trust (the wrong way) and connect to authenticate users from the internal trusted forest from the External forest (Sharepoint server).

Nothing I have tried is working so I must be missing a key point here or that Sharepoint Services 3.0 doesn't support crossforest authentication with Kerberos in a one-way forest trust scenario....

 
Upvote 0 Downvote
I was with you until you mentioned you are using Kerberos.

We tested, in a virtual environment off our main network, a WSS 3.0 farm of 3 servers: SQL and 1 web front-end in the internal forest, plus another web front-end in the DMZ forest (connected to the SQL server on the internal forest). The DMZ forest trusted the internal forest (one-way only).

This worked a treat from the point of view of granting permissions from either forest.

There were only a couple of restrictions. Firstly, if we had connected to the internal WSS server we could only pick people from the internal forest (this makes sense given the one-way trust). Secondly, we had to specify the forest name (e.g. INTERNAL\USER1) no matter which forest the user was in.

We didn't have to do anything with stsadm to get it to work. However we were only using NTLM, not Kerberos.

I know this doesn't answer your question directly, but I hope it provides some hope, if not help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Erichss
  • Locked
  • Question
Sharepoint Column Formatting Assistance
Replies
0
Views
129
Erichss
Erichss
FuzzyCub
  • Locked
  • Question
SharePoint Online Multiple Views on One Page
Replies
0
Views
123
FuzzyCub
FuzzyCub
Howesjaybird
  • Locked
  • Question
Syncing file server to sharepoint
Replies
1
Views
135
James Hauge
James Hauge
BTrees
  • Locked
  • Question
SharePoint Online-Reading/Access Lists-Using SSIS -OData Connection- Error 401 Unauthorized
Replies
0
Views
144
BTrees
BTrees
365user
  • Locked
  • Question
Sharepoint Online Tasks List
Replies
1
Views
126
Maxwell454
Maxwell454

Part and Inventory Search

Sponsor

Back
Top